Paper 2016/807

Multilateral White-Box Cryptanalysis: Case study on WB-AES of CHES Challenge 2016

Hyunjin Ahn and Dong-Guk Han

Abstract

The security requirement of white-box cryptography (WBC) is that it should protect the secret key from a white-box security model that permits an adversary who is able to entirely control the execution of the cryptographic algorithm and its environment. It has already been demonstrated that most of the WBCs are vulnerable to algebraic attacks from a white-box security perspective. Recently, a new differential computation analysis (DCA) attack has been proposed that thwarts the white-box implementation of block cipher AES (WB-AES) by monitoring the memory information accessed during the execution of the algorithm. Although the attack requires the ability to estimate the internal information of the memory pattern, it retrieves the secret key after a few attempts. In addition, it is proposed that the hardware implementation of WB-AES is vulnerable to differential power analysis (DPA) attack. In this paper, we propose a DPA-based attack that directly exploits the intermediate values of WB-AES computation with ut requiring to utilize memory data. We also demonstrate its practicability with respect to public software implementation of WB-AES. Additionally, we investigate the vulnerability of our target primitive to DPA by acquiring actual power consumption traces of software implementation.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
White-Box CryptanalysisSide-Channel AttackSoftware Implementation
Contact author(s)
christa @ kookmin ac kr
ahz012 @ kookmin ac kr
History
2016-09-02: revised
2016-08-25: received
See all versions
Short URL
https://ia.cr/2016/807
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/807,
      author = {Hyunjin Ahn and Dong-Guk Han},
      title = {Multilateral White-Box Cryptanalysis: Case study on {WB}-{AES} of {CHES} Challenge 2016},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/807},
      year = {2016},
      url = {https://eprint.iacr.org/2016/807}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.